Domain 2.3 Given a scenario, troubleshoot common security issues. Flashcards
Syslog server
a centralized server that aggregates the log files from the devices on the network.
Where would you check for a revoked certificate?
A CRL (Certificate Revocation List), which is only updated periodically, or OCSP (Online Certificate Status Protocol), which is real-time/immediate.
Test question: "blah blah, you need to revoke a certificate, now blah blah."
The only available correct answer on the test is CRL (Certificate Revocation List).
Data exfiltration
Data leaving the network.
Baseline Deviation
Any change to the default baseline made by anyone other than an administrator is a baseline deviation.
Baseline
Build out one computer exactly how you want each future computer set up. Create an image and apply that image/baseline to the other computers.
What is a content filter mechanism that can reduce the possibility of malicious executable code being accepted as input?
A. Checking the length
B. Blocking hex characters
C. Escaping metacharacters
D. Filtering on known patterns of malicious content
C. Escaping metacharacters
You are called to investigate an incident on the network where a user has installed unauthorized software, which resulted in a RAT being installed. Which of the following is true? (Select two.)
A. Nothing is wrong since a RAT is not a concern.
B. Unauthorized software installation would have been prevented with an application whitelist.
C. The user should have scanned the file prior to installing it.
D. User privileges should be reviewed.
B. Unauthorized software installation would have been prevented with an application whitelist.
D. User privileges should be reviewed.